ABSTRACT

The data security system uses a volatile key apparatus to create and manage a master file, comprising a single encrypted file that is stored on the hard drive of the computer system. The master file contains all of the passwords, cryptokeys and security codes that are used by conventional security programs and apparatus resident on the computer system to safeguard the confidential data that is contained in the memory of the computer system. The master key that is used to encrypt and decrypt this master file is stored in the volatile key apparatus, which is a piece of hardware located in the personal computer and directly connected to the system bus. When a violation of the system security procedures is detected, the master key is erased from the volatile key apparatus, thereby preventing access to the encrypted information that is stored on the hard drive. The encryption protected data can still be retrieved from the hard drive by the authorized user reinstalling the master key in the volatile key apparatus, thereby enabling decryption of the encrypted passwords, cryptokeys and security codes that are stored in the master file. The conventional security programs and apparatus resident on the computer system can then use the contents of the master file to retrieve the encrypted data from the memory.

18 Claims, 4 Drawing Sheets 
VOLATILE KEY APPARATUS FOR SAFEGUARDING CONFIDENTIAL DATA STORED IN A COMPUTER SYSTEM MEMORY

FIELD OF THE INVENTION 

This invention relates to computer systems and, in 
particular, to a volatile key apparatus that creates an 
encrypted master file to securely store all of the passwords, 
security codes and cryptokeys that are used to safeguard the 
contents of a computer memory. 

It is a problem in the field of computer systems to provide 
an effective manner of safeguarding the integrity of data that 
is stored in memory. In most computer and data storage 
systems, the privacy of computer data can be compromised 
without undue effort due to a lack of security measures 
installed on such systems. In computer systems that imple- 
ment data security, the users typically find the data security 
systems either burdensome to use or largely ineffective in 
their operation. 

In the field of personal computer systems, the data that is 
stored thereon is typically intended to remain private to the 
particular user who creates the data. This data can comprise 
medical, financial, legal, political and personal information 
that the user has collected and stored in a conveniently 
accessible manner by writing into the memory of the per- 
sonal computer. The security of this information can be 
ensured to a certain degree by the use of computer 
passwords, which prevent an unauthorized user from acti- 
vating the computer system. The password system prevents 
the system from booting and therefore prevents the unau- 
thorized user from being able to access the data that is stored 
on the hard drive. However, this password system can be 
thwarted in a number of ways. The unauthorized user can 
boot the system from a floppy disk thereby bypassing the 
password protection. Alternatively, the unauthorized user 
can remove the hard drive and install it on a personal 
computer that is not password protected. A third mode of 
attack comprises the use of a brute force attack where the 
unauthorized user submits a series of likely passwords until 
a password match is attained. The number of passwords 
submitted can be large, and if the password system is of 
limited capability, such an attack can be effective. 

An alternative method of data security is obtained by the 
use of cryptosystems, wherein the stored data is encrypted 
using a user provided cryptokey. The use of cryptography is 
commonly used in the transmission of secure data over a 
non-secure transmission medium, such as the telephone 
lines, or over the Internet. When the data stored on a 
personal computer memory is encrypted, the cryptokey is 
typically also stored on the same memory, thereby subject- 
ing the cryptokey system to being compromised. This can be 
accomplished by obtaining access to the personal computer 
and subjecting the cryptokey system to a brute force attack 
by the submission of a large number of cryptokeys. 

A further dimension to the problem is that the users have 
an ever increasing number of passwords and cryptokeys to 
remember. Users typically write down the passwords and 
cryptokeys, thereby compromising the effectiveness of the 
security system. The basic encryption system also requires 
that specific information, such as the encryption key be 
available for use by the security system. The encryption key 
can be stored on removable media to increase security, but 
loading the security key floppy can be a nuisance, thereby 
reducing the probability that the user will maintain the 
system. The user is likely to store the data on the hard disk 
for convenience or leave the floppy disk in a readily acces- 
sible area. 
U.S. Pat. No. 5,515,540 discloses a microprocessor that has improved security against tampering, including attempts at active tampering. A battery backed microcontroller includes encryption and power management functions, and is combined with a battery and a volatile semiconductor memory. The microcontroller supplies power to the semiconductor memory. When a security violation is detected, the microcontroller wipes its encryption registers and grounds the power output pin to the memory. This operation destroys all of the data that is stored in the memory. Unfortunately, this system cannot simply recover from a security violation, since all of the data is erased.

The above described problems are solved and a technical advance achieved by the present data security system which uses a volatile key apparatus to create and manage a master file, comprising a single encrypted file that is stored on the hard drive of the computer system. The master file contains all of the passwords, cryptokeys and security codes that are used by conventional security programs and apparatus resident on the computer system to safeguard the confidential data that is contained in the memory of the computer system. The master key that is used to encrypt and decrypt this master file is stored in the volatile key apparatus, which is a piece of hardware located in the personal computer and directly connected to the system bus. When a violation of the system security procedures is detected, the master key is erased from the volatile key apparatus, thereby preventing access to the encrypted information that is stored on the hard drive. The encryption protected data can still be retrieved from the hard drive by the authorized user reinstalling the master key in the volatile key apparatus, thereby enabling decryption of the encrypted passwords, cryptokeys and security codes that are stored in the master file. The conventional security programs and apparatus resident on the computer system can then use the contents of the master file to retrieve the encrypted data from the memory.

The present data security system can be activated by a security violation that is detected by ancillary equipment, such as that disclosed in U.S. Pat. No. 5,675,321, or in response to a brute force attack on the password system. The present data security system can be integrated with such ancillary equipment or can represent a separate security system. In either case, by combining an effective software cryptosystem, such as PGP Cryptosystem, with the volatile key apparatus, a high level of data security for the confidential data stored on the computer system memory can be attained.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 illustrates in block diagram form the basic architecture of a typical computer system that is used to implement the present data security system;

FIG. 2 illustrates in block diagram form the architecture of the present data security system as implemented in a personal computer system, such as that shown in FIG. 1; and

FIGS. 3 and 4 illustrate in flow diagram form the operation of the present data security system to decrypt an encrypted file using the master key.

DETAILED DESCRIPTION

FIG. 1 illustrates in block diagram form the basic architecture of a typical computer system that is used to implement the present data security system. FIG. 1 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the invention may be implemented. Those skilled in the art 
will appreciate that the invention may be practiced with other computer system configurations, including hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.

With reference to FIG. 1, an exemplary system for implementing the invention includes a general purpose computing device in the form of a conventional personal computer 100, which comprises a processing module 110 including a processing unit 120, a system memory 130, and a system bus 121 that couples various system components including the system memory 130 to the processing unit 120. The system bus 121 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory 130 includes read only memory (ROM) 131 and random access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within the personal computer 100, such as during start-up, is stored in ROM 131. The personal computer 100 further includes a hard disk drive 140 for reading from and writing to a hard disk, a magnetic disk drive 151 for reading from or writing to a removable magnetic disk 152, and an optical disk drive 155 for reading from or writing to a removable optical disk 156 such as a CD ROM or other optical media. The hard disk drive 141, magnetic disk drive 151, and optical disk drive 155 are connected to the system bus 121 by a hard disk drive interface 140, a magnetic disk drive interface 150, and an optical drive interface 155, respectively. The drives and their associated computer-readable media provide nonvolatile storage of the operating system 144, application programs 145, other program modules 146 and other program data 147 for the personal computer 100. Although the exemplary environment described herein employs a hard disk, a removable magnetic disk 152 and a removable optical disk 156, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridge, random access memories (RAMs), read only memories (ROM), and the like, may also be used in the exemplary operating environment. A number of program modules may be stored on the hard disk, magnetic disk 152, optical disk 156, ROM 131 or as shown in RAM 132, including an operating system 134, one or more application programs 135, other program modules 136, and program data 137. A user may enter commands and information into the personal computer 100 through input devices such as a keyboard 162 and pointing device 161. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 120 through a serial port interface 160 that is coupled to the system bus 121, but may be connected by other interfaces, such as a parallel port, game port or a universal serial bus (USB). A monitor 191 or other type of display device is also connected to the system bus 121 via an interface, such as a video adapter 190. In addition to the monitor 191, personal computers 100 typically include other peripheral output devices, such as speakers 197 and printers 196. The personal computer 100 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 100.

The logical connections depicted in FIG. 1 include a local area network (LAN) 171 and a wide area network (WAN) 173. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.

When used in a LAN networking environment, the personal computer 100 is connected to the local network 171 through a network interface. When used in a WAN networking environment, the personal computer 100 typically includes a modem 172 or other means for establishing communications over the wide area network 173, such as the Internet. The modem 172, which may be internal or external, is connected to the system bus 121 via the serial port interface 160. In a networked environment, program modules depicted relative to the personal computer 100, or portions thereof, may be stored in the remote memory storage device 185. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

Security System Architecture

FIG. 2 illustrates in block diagram form the architecture of the present data security system 200 as implemented in a personal computer system, of the type shown in FIG. 1, and FIGS. 3 and 4 illustrate in flow diagram form the operation of the present data security system 200 to decrypt an encrypted file using the master key.

In a computer system, the information stored thereon can be segmented into discrete categories: application programs, non-critical application data, critical application data. The application programs represent the typical commercially available word processing, communications and database programs that do not warrant any degree of security protection, since they are commodity elements that can easily be replaced. Likewise, there is a large volume of computer data that is generated pursuant to the use of the application program that represents noncritical data, whose retrieval by an unauthorized party would not represent a significant security breach. However, the last class of data comprises the sensitive, user-specific information, such as medical, financial, legal, political and personal information that the user has collected and stored in the memory of the computer system. This critical data, whether formatted for transmission or simply for storage in the personal computer system memory, should be safeguarded using an effective data security system.

The present data security system 200 enables the computer system to encrypt and decrypt these critical files using a cryptosystem, such as the commercially available PGP Cryptosystem 246 that is stored in memory 204 and that executes on CPU 202 while safeguarding the cryptokeys used by this cryptosystem 246. In the traditional cryptosystem operation, the PGP Cryptosystem 246 encrypts and decrypts data files using two separate cipher engines 247, 248 to maximize both security and efficiency. One cipher engine, conventional cipher engine 247, comprises a fast process that uses a single key to both encrypt and decrypt the 
data. The problem with using the conventional cipher engine 247 is that the single key is difficult to secure in terms of its transmission between sender and receiver. To overcome this problem, a second cipher engine, public cipher engine 248, is used to implement a public key cipher function wherein the sender uses a publicly known key to send a message that can only be read with the recipient's private key. The two cipher engines 247, 248 operate together and include a process that is invisible to the user that creates a temporary random single cryptokey for each "session" to encrypt the plain text file using the conventional cipher engine. The recipient's public key is used to encrypt this temporary cryptokey (session key 231). The public key encrypted session key 231 is then transmitted along with the cipher text to the recipient. The recipient uses their private cryptokey to recover the session key 231 and then uses that single key to run the fast conventional cipher engine 247 to decrypt the ciphertext message. Thus, the public cipher engine 248 is only used to securely send the session key 231. The problem with this system is that the cryptosystem 246 must maintain the private key under the recipient's physical control for the system to be operational. The need for physical control means that the private key is stored on the hard drive 204 for convenience and may only be protected from unauthorized access by means of a password, if such a function is even used. The passwords are typically stored in Flash RAM 213.

The present data security system 200 provides an addi- 
tional level of security to this cryptokey system by safe- 
guarding the private key that is stored in the memory 204 of 
the personal computer system. This is accomplished by the 
storage of the passwords, access codes and cryptokeys that 
are used by the conventional security programs and appa- 
ratus resident on the computer system in encrypted form in 
the memory 204 in a master file 242. This renders this 
security information unusable to the unauthorized user with- 
out the availability of the master key to decrypt these stored 
passwords, access codes and cryptokeys. 

Operation of the Security System 
When an application must decrypt a data file, access code, 
password, or cryptokey (collectively termed "data file" 
herein for simplicity) that is stored in memory 204 in 
encrypted form, the application at step 301 calls the cryp- 
tosystem 246 to execute the decryption process. The cryp- 
tosystem 246 begins the decryption process by calling for 
the private key 243 for this data file at step 302. The private 
key is located in the master file 242 in memory 204 and is 
retrieved by the cryptosystem 246 calling the security man- 
ager process 249 at step 303. The security manager process 
249 passes control of the computer system to the key control 
engine 218 at step 304 to generate the required session key 
231 to enable the decryption process to continue. This is 
accomplished when the key control engine 218 retrieves the 
master key 219 from the static RAM 217 to the CPU 202 at 
step 305, where the conventional cipher engine 247 executes 
and uses the master key 219 to decrypt the private key at step 
306. The decrypted private key is then used by the public 
cipher engine 248 to produce a session key 231 at step 307. 
The session key 231 is stored in the CPU memory 203 at step 
308 while the key control engine 218 erases the decrypted 
private key and the master key from the CPU memory 203 
at step 309 before returning control back to the cryptosystem 
246 at step 310. This session key 231 runs the cryptosystem 
conventional cipher engine 247 at step 311 using the CPU 
202. The ciphertext (encrypted) file 241 is processed at step 
312 into a plaintext (conventional file) 245 which is stored 
on the hard drive 204 at step 313. 
Security Integrity Verification

Within the volatile key apparatus 201 are specific instructions, termed the "key control engine" that are stored on a read only memory 214. When the security manager 249 passes control to the key control engine 218 at step 304, the security integrity verification process is executed by the key control engine 218. The key control engine 218 at step 401 initiates the security integrity verification process, which typically comprises a plurality of checks to ensure that the security of the computer system has not been breached. One method of tamper deterrence is the generation of a checksum on the PGP cipher engines 247, 248. Thus, all of the sensitive encryption instruction codes are maintained in a single file, with the generated checksum being usable to detect alteration of the file contents. The checksum result is stored in the volatile memory 217 with the master key. Thus, at step 402, the key control engine 218 runs a security check of the two cipher engines 247, 248 that comprise the cryptosystem 246 that runs on CPU 202. The key control engine 218 runs a checksum on both the cipher engines 247, 248 and the lockout instructions to ensure that neither has been tampered with. If a security violation is detected, then processing advances to step 410 as described below.

The control circuit 212 also maintains a record of all password attempts and their frequency. An internal clock 216 is used to track the elapsed time between attempted accesses to the password Flash RAM 213. Passwords that are submitted by a user are matched by the control circuit 212 and are unavailable to the CPU 202. Therefore, the CPU 202 cannot be used to compromise the operation of the control circuit 212 and the contents of the Flash RAM 213 and ROM 214. The control circuit 212 at step 403 determines the frequency of unsuccessful password attempts and at step 404, if the measured frequency exceeds a predetermined threshold, then a security violation is detected, and processing advances to step 410 as described below. If there is no indication of tampering, the master key is passed to the CPU at step 305 and used in the conventional cipher engine to produce the decrypted access code.

In the event that the computer system or volatile key apparatus 201 determines a violation of security, such as a brute force attack, at step 410 the volatile key apparatus 201 erases the contents of the volatile memory 217, thereby eliminating the master key 219 as well as the checksum. Without the master key 219 to decrypt the private key 243, a session key 231 cannot be produced, and without the session key 231, the ciphertext 241 can not be decrypted. The authorized user can restore the master key 219 in the volatile key apparatus 201 of the personal computer from a copy of the master key which has been maintained in a disparate secure location, such as a safe deposit box. The volatile key apparatus 201 can be initialized using interface software 221 that functions as an application program on the personal computer. The volatile key apparatus 201 is typically seeded with a stock password, such as "11 ... 11" and the user can then program in their own personally selected password. Using the stock password key, the user can access the volatile key apparatus 201 and create a master key. The master key can then be copied and placed in safe keeping in a location separate from the personal computer. The created passwords are stored in Flash RAM 213.

A further deterrent is the use of the data security system 201 which signals the control circuit 212 via dedicated signal conductors and the I/O port of the control circuit 212. The received signals are used to determine whether physical tampering of the personal computer has occurred. Even if 
the contents of the volatile memory 217 are erased, the information stored therein can be reloaded by the user providing the master key 219. The power provided to operate the control circuit 212 and the volatile memory 217 is provided by a separate battery 211 that is used to power these circuit elements.

The data security system uses a volatile key apparatus to create and manage a master file, comprising a single encrypted file that contains all of the passwords, cryptokeys and security codes that are used by conventional security programs and apparatus resident on the computer system to safeguard the confidential data that is contained in the memory of the computer system. The master key that is used to encrypt and decrypt this master file is stored in the volatile key apparatus, which is a piece of hardware located in the personal computer and directly connected to the system bus. When a violation of the system security procedures is detected, the master key is erased from the volatile key apparatus, thereby preventing access to the encrypted information that is stored on the hard drive.
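As an added illustration that is not part of the patent, the following Python model walks through the decryption flow of steps 301 through 313 ("Operation of the Security System") and the violation handling of steps 401 through 410 above: the master key lives only in the apparatus, the checksum of the cipher engine code is checked before the key is released, too many failed password attempts within the clock window erase the volatile memory, and the authorized user restores the key from the off-site copy. The cipher is a constructed HMAC-SHA256 keystream with an authentication tag standing in for the conventional cipher engine 247, and the public cipher engine 248 is modelled as the same symmetric wrap keyed with the private key; the threshold, window and all key and file contents are constructed sample values.

```python
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (constructed stand-in for engine 247)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so a wrong key raises instead of yielding garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _keystream_xor(key, nonce, ct)


class VolatileKeyApparatus:
    """Volatile key apparatus 201: SRAM 217 holds master key 219 plus the engine checksum;
    control circuit 212 matches passwords and tracks failed attempts against clock 216."""

    def __init__(self, threshold: int, window: float):
        self.sram = {}            # volatile memory 217, emptied at step 410
        self.flash_hash = None    # Flash RAM 213; the password is kept hashed here (assumption)
        self.attempts = []        # control circuit 212 record of failed attempts (timestamps)
        self.threshold, self.window = threshold, window

    def initialize(self, password: str, master_key: bytes, cipher_code: bytes) -> None:
        """Interface software 221: load the master key and seal a checksum of the engine code."""
        self.flash_hash = hashlib.sha256(password.encode()).digest()
        self.sram = {"master_key": master_key, "checksum": hashlib.sha256(cipher_code).digest()}

    def erase(self) -> None:
        """Step 410: wipe volatile memory 217, taking the master key and checksum with it."""
        self.sram = {}

    def submit_password(self, candidate: str, now: float) -> bool:
        """Steps 403-404: the control circuit matches the password; the CPU never sees it."""
        if hmac.compare_digest(hashlib.sha256(candidate.encode()).digest(), self.flash_hash):
            return True
        self.attempts.append(now)
        recent = [t for t in self.attempts if now - t <= self.window]
        if len(recent) > self.threshold:
            self.erase()          # failure rate exceeded the threshold: security violation
        return False

    def release_master_key(self, cipher_code: bytes) -> bytes:
        """Steps 401-402 then 305: check the engine checksum, then hand the key to the CPU."""
        if "master_key" not in self.sram:
            raise RuntimeError("master key not present; restore it from the off-site copy")
        if hashlib.sha256(cipher_code).digest() != self.sram["checksum"]:
            self.erase()
            raise RuntimeError("cipher engine code altered; master key erased")
        return self.sram["master_key"]


def decrypt_file(apparatus, cipher_code, master_file, encrypted_file) -> bytes:
    """Steps 301-313: master key 219 -> private key 243 -> session key 231 -> plaintext 245."""
    master_key = apparatus.release_master_key(cipher_code)             # step 305
    private_key = unwrap(master_key, master_file["private_key"])       # step 306
    session_key = unwrap(private_key, encrypted_file["session_key"])   # step 307 (modelled)
    del master_key, private_key                                         # step 309
    return unwrap(session_key, encrypted_file["body"])                 # steps 311-312


def demo():
    """Decrypt, trigger a brute-force lockout, restore the key, decrypt again."""
    cipher_code = b"constructed bytes standing in for cipher engines 247 and 248"
    master_key, private_key, session_key = os.urandom(32), os.urandom(32), os.urandom(32)
    master_file = {"private_key": wrap(master_key, private_key)}       # master file 242
    encrypted_file = {"session_key": wrap(private_key, session_key),   # ciphertext 241
                      "body": wrap(session_key, b"medical record: constructed sample")}
    vka = VolatileKeyApparatus(threshold=3, window=60.0)
    vka.initialize("11 ... 11", master_key, cipher_code)               # stock password
    before = decrypt_file(vka, cipher_code, master_file, encrypted_file)
    for t in range(4):                      # four wrong guesses inside one minute
        vka.submit_password("guess", now=float(t))
    erased = "master_key" not in vka.sram   # step 410 has fired
    vka.initialize("11 ... 11", master_key, cipher_code)               # user restores off-site copy
    after = decrypt_file(vka, cipher_code, master_file, encrypted_file)
    return before, erased, after
```

Running demo() shows the same plaintext recovered before and after the lockout, with the intervening decryption impossible while the SRAM is empty.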

What is claimed: 

1. A data security system resident in a computer system for preventing unauthorized access to at least one encrypted data file stored in a memory of said computer system, comprising:

means for encrypting a private key associated with an encrypted data file and that is used to decrypt said encrypted data file, using a master key;

means for storing said encrypted private key;

volatile memory means for storing said master key;

means, responsive to a request to decrypt said encrypted data file, for generating said private key from said encrypted private key using said master key;

means for detecting a security violation; and

means, responsive to a detected security violation, for automatically erasing said master key from said volatile memory means.

2. The data security system of claim 1 wherein said means for detecting a security violation comprises:

means for detecting an attempt at unauthorized access to said encrypted data file.

3. The data security system of claim 1 wherein said means for detecting a security violation comprises:

means for detecting an anomaly in said means for encrypting.

4. The data security system of claim 1 wherein said means for generating comprises:

means for decrypting said private key from said encrypted private key;

key control means for regulating generation of said private key;

security manager means, responsive to said request to decrypt said encrypted data file, for switching control of a processor in said computer system to said key control means; and

wherein said key control means is responsive to receipt of control of said processor for transmitting said master key to said means for decrypting to produce said private key.

5. The data security system of claim 4 wherein said key control means is responsive to generation of said private key for erasing said master key from said processor.

6. The data security system of claim 1 further comprising:

means, responsive to said means for erasing having removed said master key from said volatile memory means, for enabling an authorized user to rewrite said master key into said volatile memory means.

7. A method of operating a data security system that is 
resident in a computer system to prevent unauthorized 
access to at least one encrypted data file stored in a memory 
of said computer system, comprising the steps of: 

encrypting a private key associated with an encrypted data 
file and that is used to decrypt said encrypted data file, 
using a master key; 

storing said encrypted private key in a master file 
memory; 

storing said master key in a volatile memory; 

generating, in response to a request to decrypt said 
encrypted data file, said private key from said 
encrypted private key using said master key; 

detecting a security violation; and 

erasing, in response to a detected security violation, said 
master key from said volatile memory. 

8. The method of operating a data security system of claim 
7 wherein said step of detecting a security violation com- 
prises: 

detecting an attempt at unauthorized access to said 
encrypted data file. 

9. The method of operating a data security system of claim 
7 wherein said step of detecting a security violation com- 
prises: 

detecting an anomaly in said step of encrypting. 

10. The method of operating a data security system of claim 7 wherein said step of generating comprises:

decrypting in a cipher engine said private key from said encrypted private key;

regulating generation of said private key;

switching control of a processor in said computer system to said key control means in response to said request to decrypt said encrypted data file; and

wherein said step of regulating generation is responsive to receipt of control of said processor for transmitting said master key to said cipher engine to produce said private key.

11. The method of operating a data security system of 
claim 10 wherein said step of regulating generation is 
responsive to generation of said private key for erasing said 
master key from said processor. 

12. The method of operating a data security system of 
claim 7 further comprising the step of: 

enabling, in response to said step of erasing having 
removed said master key from said volatile memory, an 
authorized user to rewrite said master key into said 
volatile memory. 

13. A data security system resident in a computer system 
for preventing unauthorized access to encrypted data file 
stored in a memory of said computer system, comprising: 

cipher engine means for encrypting a data file using a 
private key that is also capable of decrypting said data 
file; 

means for storing said encrypted data file; 
means for encrypting said private key using a master key; 
means for storing said encrypted private key in a master 
file memory; 

volatile memory means for storing said master key; 

means, responsive to a request to decrypt said encrypted 
data file, for generating said private key from said 
encrypted private key stored in said master file memory 
using said master key; 
means for detecting a security violation; and

means, responsive to a detected security violation, for erasing said master key from said volatile memory means.

14. The data security system of claim 13 wherein said means for generating comprises:

means for decrypting said private key from said encrypted private key;

key control means for regulating generation of said private key;

security manager means, responsive to said request to decrypt said encrypted data file, for switching control of a processor in said computer system to said key control means; and

wherein said key control means is responsive to receipt of control of said processor for transmitting said master key to said means for decrypting to produce said private key.

15. The data security system of claim 14 wherein said key control means is responsive to generation of said private key for erasing said master key from said processor.

16. A method of operating a data security system that is resident in a computer system for preventing unauthorized access to encrypted data file stored in a memory of said computer system, comprising the steps of:

encrypting, in a cipher engine, a data file using a private key that is also capable of decrypting said data file;

storing said encrypted data file;

encrypting said private key using a master key;

storing said encrypted private key in a master file memory;

storing said master key in a volatile memory;

generating, in response to a request to decrypt said encrypted data file, said private key from said encrypted private key stored in said master file memory using said master key;

detecting a security violation; and

erasing, in response to a detected security violation, said master key from said volatile memory.

17. The method of operating a data security system of 
claim 16 wherein said step of generating comprises: 

decrypting said private key from said encrypted private 
key; 

regulating generation of said private key; 

switching, in response to said request to decrypt said 
encrypted data file, control of a processor in said 
computer system to said step of regulating generation; 
and 

wherein said step of regulating generation is responsive to 
receipt of control of said processor for transmitting said 
master key to said cipher engine to produce said private 
key. 

18. The method of operating a data security system of 
claim 17 wherein said step of regulating generation is 
responsive to generation of said private key for erasing said 
master key from said processor. 



05/06/2004, EAST Version: 1.4.1 



